This is an automated email from the ASF dual-hosted git repository.

smiklosovic pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/trunk by this push:
     new a94736ca50 Update snakeyaml to 2.4
a94736ca50 is described below

commit a94736ca504129edf03f66041fcbe2368d3bb689
Author: Stefan Miklosovic <[email protected]>
AuthorDate: Fri Sep 26 17:34:14 2025 +0200

    Update snakeyaml to 2.4
    
    patch by Stefan Miklosovic; reviewed by Brandon Williams for CASSANDRA-20928
---
 .build/parent-maven-pom.xml | 16 ++++++++--------
 CHANGES.txt                 |  1 +
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/.build/parent-maven-pom.xml b/.build/parent-maven-pom.xml
index 357e178d82..e61e4208d6 100644
--- a/.build/parent-maven-pom.xml
+++ b/.build/parent-maven-pom.xml
@@ -446,17 +446,14 @@
         <version>2.19.2</version>
       </dependency>
       <dependency>
+        <!-- Keep an eye on this when bumping it as it depends on snakeyaml we 
use in production as well
+        and historically we have been excluding snakeyaml from here. We are 
using snakeyaml 2.4 now, Jackson 2.19.2
+        is using snakeyaml of that version too, so it is not necessary to 
exclude it. OWASP checks 12.1.6 also
+        depends on snakeyaml 2.4. -->
         <groupId>com.fasterxml.jackson.dataformat</groupId>
         <artifactId>jackson-dataformat-yaml</artifactId>
         <version>2.19.2</version>
         <scope>test</scope>
-        <!-- 2.19.2 would bring in snakeyaml 2.4, but we depend on 2.1 in prod 
code -->
-        <exclusions>
-          <exclusion>
-            <artifactId>snakeyaml</artifactId>
-            <groupId>org.yaml</groupId>
-          </exclusion>
-        </exclusions>
       </dependency>
       <dependency>
         <groupId>com.boundary</groupId>
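Review bot: The comment added above jackson-dataformat-yaml hard-codes three version numbers (snakeyaml 2.4, Jackson 2.19.2, "OWASP checks 12.1.6"), all of which go stale at the next bump, and with the `<exclusions>` block removed nothing in this hunk other than that comment keeps the test-scoped snakeyaml in step with the production one. Suggest stating the invariant instead of the versions (the snakeyaml version this artifact pulls in must equal the one declared for org.yaml:snakeyaml, otherwise restore the exclusion), and naming the artifact meant by "OWASP checks" so a reader can find what depends on 2.4.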
@@ -469,9 +466,12 @@
         <version>${jamm.version}</version>
       </dependency>
       <dependency>
+        <!-- Test scoped jackson-dataformat-yaml also depends on snakeyaml. 
For now, these versions are aligned
+        but if you happen to bump it here then exclude it in 
jackson-dataformat-yaml.
+        -->
         <groupId>org.yaml</groupId>
         <artifactId>snakeyaml</artifactId>
-        <version>2.1</version>
+        <version>2.4</version>
       </dependency>
       <dependency>
         <groupId>junit</groupId>
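Review bot: The `<version>2.4</version>` literal on org.yaml:snakeyaml is the value both new comments ask maintainers to keep aligned by hand, while the dependency just above it in this hunk takes its version from a property (`${jamm.version}`). Suggest moving it to a property as well (for example a `snakeyaml.version` property, a name not in this patch) and referring to that property in the comment, so there is one place to look when comparing against what jackson-dataformat-yaml brings in. The new comment also only covers bumping snakeyaml here; a pointer back to the note on jackson-dataformat-yaml would cover a Jackson bump that changes the transitive version.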
diff --git a/CHANGES.txt b/CHANGES.txt
index 062ab31d22..512a574614 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 5.1
+ * Update snakeyaml to 2.4 (CASSANDRA-20928)
  * Update Netty to 4.1.125.Final (CASSANDRA-20925)
  * Expose uncaught exceptions in system_views.uncaught_exceptions table 
(CASSANDRA-20858)
  * Improved observability in AutoRepair to report both expected vs. actual 
repair bytes and expected vs. actual keyspaces (CASSANDRA-20581)

